
Personyze LC Bug Bounty Program

Personyze LC runs a bug bounty program to ensure the highest security and privacy of its websites. Everyone is eligible to participate in the program, subject to the below-mentioned conditions and requirements of Personyze LC.

Open Bug Bounty performs triage and verification of the submissions. However, we never intervene in the further process of vulnerability remediation and disclosure between Personyze LC and researchers.

The bug bounty program allows private submissions only.

Bug Bounty Scope

The following websites are within the scope of the program:


Non-Intrusive Submissions Handling

The following section encompasses submission of the vulnerabilities that do not require intrusive testing as per Open Bug Bounty rules:

- Cross Site Scripting (XSS)
- Open Redirect
- Cross Site Request Forgery (CSRF)
- Improper Access Control

General Requirements:


Depending on their impact, not all reported issues may qualify for a monetary reward. Please refrain from:

- Denial of Service (DoS) or performing other actions that may negatively affect Personyze users (spam)
- Accessing private information (so use test accounts)
- Sending reports from automated tools without verifying them

The following issues are outside the scope of our vulnerability rewards program (either ineligible or false positives):

- WordPress issues, sites built on WordPress
- Rendering HTML content without security impact. Rendering HTML content must demonstrate JavaScript execution or some other malicious action.
- Triggering emails to be sent to another user's account
- Pages and content cached after logout
- Password complexity requirements
- User or account ID enumeration
- Issues related to software or protocols not under Personyze control
- Vulnerabilities in third-party applications or services which use or integrate with Personyze / - WordPress, - an internal-only site
- Vulnerabilities in third-party applications that are integrated with the Personyze product via developer platform components, such as OAuth and Canvas
- Dangling DNS Records - Issues related to stale CNAME records or any other DNS record
- Vulnerabilities affecting users of outdated browsers or platforms
- Social engineering of Personyze staff or contractors or physical attempts against property
- Reports relating to email spoofing (inadequate SPF, DKIM and DMARC configurations)
- Reports relating to HSTS - we can't enable it yet but plan to
- Reports related to shared computer accounts
- Support system accessed via the 'Provide Feedback' link.

Generally, non-qualifying Web-related bug reports have little or no practical significance to product security. Google Bughunter University has a great writeup of bugs that fall into this category -

Testing Requirements:

Personyze customers embed a small JavaScript snippet into their web pages. This JavaScript is served from a CDN and contains the logic for the personalization. This is the most sensitive part of our product and we are particularly interested in vulnerabilities related to this snippet.

Vulnerability types that qualify for the program include only:

- Cross-Site Scripting
- SQL Injection
- Remote Code Execution
- Cross-Site Request Forgery
- Directory Traversal

Possible Awards:

Technical severity under
Critical $100
Severe $50
Not include any issues under

Community Rating

Provided by security researchers who reported security vulnerabilities via this bug bounty program:

- Response Time: How quickly researchers get responses to their submissions.
- Remediation Time: How quickly reported submissions are fixed.
- Cooperation and Respect: How fairly and respectfully researchers are being treated.

Researcher's comments

30 July, 2020
Hello team, can you please share your email so that I can report the bug apart from these.

- Cross Site Scripting (XSS)
- Open Redirect
- Cross Site Request Forgery (CSRF)
- Improper Access Control
